From: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
To: marcel@holtmann.org, johan.hedberg@gmail.com,
luiz.dentz@gmail.com, davem@davemloft.net, kuba@kernel.org,
sudipm.mukherjee@gmail.com
Cc: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>,
linux-bluetooth@vger.kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, skhan@linuxfoundation.org,
gregkh@linuxfoundation.org,
linux-kernel-mentees@lists.linuxfoundation.org
Subject: [PATCH v6 4/6] Bluetooth: serialize calls to sco_sock_{set,clear}_timer
Date: Tue, 10 Aug 2021 12:14:08 +0800 [thread overview]
Message-ID: <20210810041410.142035-5-desmondcheongzx@gmail.com> (raw)
In-Reply-To: <20210810041410.142035-1-desmondcheongzx@gmail.com>
Currently, calls to sco_sock_set_timer are made under the locked
socket, but this does not apply to all calls to sco_sock_clear_timer.
Both sco_sock_{set,clear}_timer should be serialized by lock_sock to
prevent unexpected concurrent clearing/setting of timers.
Additionally, since sco_pi(sk)->conn is only cleared under the locked
socket, this change allows us to avoid races between
sco_sock_clear_timer and the call to kfree(conn) in sco_conn_del.
Signed-off-by: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
---
net/bluetooth/sco.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 68b51e321e82..77490338f4fa 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -453,8 +453,8 @@ static void __sco_sock_close(struct sock *sk)
/* Must be called on unlocked socket. */
static void sco_sock_close(struct sock *sk)
{
- sco_sock_clear_timer(sk);
lock_sock(sk);
+ sco_sock_clear_timer(sk);
__sco_sock_close(sk);
release_sock(sk);
sco_sock_kill(sk);
@@ -1104,8 +1104,8 @@ static void sco_conn_ready(struct sco_conn *conn)
BT_DBG("conn %p", conn);
if (sk) {
- sco_sock_clear_timer(sk);
lock_sock(sk);
+ sco_sock_clear_timer(sk);
sk->sk_state = BT_CONNECTED;
sk->sk_state_change(sk);
release_sock(sk);
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
To: marcel@holtmann.org, johan.hedberg@gmail.com,
luiz.dentz@gmail.com, davem@davemloft.net, kuba@kernel.org,
sudipm.mukherjee@gmail.com
Cc: linux-kernel@vger.kernel.org, linux-bluetooth@vger.kernel.org,
netdev@vger.kernel.org,
Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>,
linux-kernel-mentees@lists.linuxfoundation.org
Subject: [PATCH v6 4/6] Bluetooth: serialize calls to sco_sock_{set, clear}_timer
Date: Tue, 10 Aug 2021 12:14:08 +0800 [thread overview]
Message-ID: <20210810041410.142035-5-desmondcheongzx@gmail.com> (raw)
In-Reply-To: <20210810041410.142035-1-desmondcheongzx@gmail.com>
Currently, calls to sco_sock_set_timer are made under the locked
socket, but this does not apply to all calls to sco_sock_clear_timer.
Both sco_sock_{set,clear}_timer should be serialized by lock_sock to
prevent unexpected concurrent clearing/setting of timers.
Additionally, since sco_pi(sk)->conn is only cleared under the locked
socket, this change allows us to avoid races between
sco_sock_clear_timer and the call to kfree(conn) in sco_conn_del.
Signed-off-by: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
---
net/bluetooth/sco.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 68b51e321e82..77490338f4fa 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -453,8 +453,8 @@ static void __sco_sock_close(struct sock *sk)
/* Must be called on unlocked socket. */
static void sco_sock_close(struct sock *sk)
{
- sco_sock_clear_timer(sk);
lock_sock(sk);
+ sco_sock_clear_timer(sk);
__sco_sock_close(sk);
release_sock(sk);
sco_sock_kill(sk);
@@ -1104,8 +1104,8 @@ static void sco_conn_ready(struct sco_conn *conn)
BT_DBG("conn %p", conn);
if (sk) {
- sco_sock_clear_timer(sk);
lock_sock(sk);
+ sco_sock_clear_timer(sk);
sk->sk_state = BT_CONNECTED;
sk->sk_state_change(sk);
release_sock(sk);
--
2.25.1
_______________________________________________
Linux-kernel-mentees mailing list
Linux-kernel-mentees@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees
next prev parent reply other threads:[~2021-08-10 4:17 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-10 4:14 [PATCH v6 0/6] Bluetooth: fix locking and socket killing in SCO and RFCOMM Desmond Cheong Zhi Xi
2021-08-10 4:14 ` Desmond Cheong Zhi Xi
2021-08-10 4:14 ` [PATCH v6 1/6] Bluetooth: schedule SCO timeouts with delayed_work Desmond Cheong Zhi Xi
2021-08-10 4:14 ` Desmond Cheong Zhi Xi
2021-08-10 5:14 ` Bluetooth: fix locking and socket killing in SCO and RFCOMM bluez.test.bot
2021-08-10 17:51 ` Luiz Augusto von Dentz
2021-09-02 19:17 ` [PATCH v6 1/6] Bluetooth: schedule SCO timeouts with delayed_work Eric Dumazet
2021-09-02 19:17 ` Eric Dumazet
2021-09-02 19:32 ` Desmond Cheong Zhi Xi
2021-09-02 19:32 ` Desmond Cheong Zhi Xi
2021-09-02 21:41 ` Eric Dumazet
2021-09-02 21:41 ` Eric Dumazet
2021-09-02 22:53 ` Desmond Cheong Zhi Xi
2021-09-02 22:53 ` Desmond Cheong Zhi Xi
2021-09-02 23:05 ` Desmond Cheong Zhi Xi
2021-09-02 23:05 ` Desmond Cheong Zhi Xi
2021-09-02 23:42 ` Luiz Augusto von Dentz
2021-09-02 23:42 ` Luiz Augusto von Dentz
2021-09-03 3:17 ` Desmond Cheong Zhi Xi
2021-09-03 3:17 ` Desmond Cheong Zhi Xi
2021-08-10 4:14 ` [PATCH v6 2/6] Bluetooth: avoid circular locks in sco_sock_connect Desmond Cheong Zhi Xi
2021-08-10 4:14 ` Desmond Cheong Zhi Xi
2021-08-10 4:14 ` [PATCH v6 3/6] Bluetooth: switch to lock_sock in SCO Desmond Cheong Zhi Xi
2021-08-10 4:14 ` Desmond Cheong Zhi Xi
2021-08-10 4:14 ` Desmond Cheong Zhi Xi [this message]
2021-08-10 4:14 ` [PATCH v6 4/6] Bluetooth: serialize calls to sco_sock_{set, clear}_timer Desmond Cheong Zhi Xi
2021-08-10 4:14 ` [PATCH v6 5/6] Bluetooth: switch to lock_sock in RFCOMM Desmond Cheong Zhi Xi
2021-08-10 4:14 ` Desmond Cheong Zhi Xi
2021-08-10 4:14 ` [PATCH v6 6/6] Bluetooth: fix repeated calls to sco_sock_kill Desmond Cheong Zhi Xi
2021-08-10 4:14 ` Desmond Cheong Zhi Xi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210810041410.142035-5-desmondcheongzx@gmail.com \
--to=desmondcheongzx@gmail.com \
--cc=davem@davemloft.net \
--cc=gregkh@linuxfoundation.org \
--cc=johan.hedberg@gmail.com \
--cc=kuba@kernel.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-kernel-mentees@lists.linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luiz.dentz@gmail.com \
--cc=marcel@holtmann.org \
--cc=netdev@vger.kernel.org \
--cc=skhan@linuxfoundation.org \
--cc=sudipm.mukherjee@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.